[Beowulf] Apologies for the spam/virus yesterday

Andrew Piskorski atp at piskorski.com
Thu Feb 9 13:36:10 PST 2006

On Wed, Feb 08, 2006 at 11:54:31AM -0800, Donald Becker wrote:

> And except for a few weeks scattered over the history of the list,
> I've been the sole or primary moderator.

Uh, sole moderator?  Why is that?  Surely there are dozens of
long-time posters on the list who might be happy to spend a few
minutes each day weeding through the email.  What is stopping you from
farming out human moderation to a much larger number of people?  And
what software do you use for managing the list?

> The bottom line is that we are considering a message board format to
> replace the mailing list.  It would have required logins to 
> post, and retroactive moderation to delete advertising and trolls.
> Any opinions?

Yes:  It's probably a bad idea.  Some of the reasons why are touched on
in this post I wrote recently:


The OpenACS Forums package is pretty good, but I doubt you have any
particular interest in supporting an OpenACS instance.  Furthermore,
although it has its own advantages, even the OpenACS Forums package is
currently NOT a 100% suitable replacement for ANY mailing list, as
unlike mailing lists, it is 100% centralized.

Furthermore, although currently it would certainly cut it down, a
web-based message board with required login would not eliminate spam.
E.g., the Forums on openacs.org do get a small amount of spam.  Some
human moderation would still be necessary for the perfect spam
prevention you seeek.

I think we need a GREAT DEAL more info on the current managment of the
email list and possible ways to improve it before a radical step like
completely junking the email list in favor of a web-based BBoard is
taken, or even seriously considered.

I can think of a some possible tools off the top of my head, but I'm
not sure how effective or practical each would be.  For example, why
can't some form of username/password login be supported in the
existing mailing list?

Certainly, if the mailing list's software supported it I could PGP
sign all my emails to the list with my private key, and those should
then be accepted automatically with no human intervention.  Of course,
it seems that would only really solve the problem if you made it
strictly mandatory, which is probably completely impractical.

Perhaps encryption isn't even necessary.  Many of those web-backed
BBoards don't even protect their login pages with SSL, so a mailing
list could perhaps achieve a roughly similar level of security by
requiring subscribers to insert a username/password pair into the
headers of their email, which the mailing list software would then
strip out.  Hm, unfortunately Cc'ing emails to the list would tend to
defeat that...

How have other mailing lists handled the spam problem?  What research
has been done in this area?  Who else might know?  E.g., I wonder what
tools and techniques Dan Bernstein uses, as he seems to maintain a
bunch of email lists:


I'm not familiar with this subject, and some quick searching doesn't
find any discussion of good solutions.  I'd like to know what else
others have found, learned, or tried.

Andrew Piskorski <atp at piskorski.com>

More information about the Beowulf mailing list